Skip to main content
CVE-2023-37550 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37549 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37548 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37547 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37546 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37545 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33368 MEDIUM This Month

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Id Idsecure
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37501 MEDIUM This Month

A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37500 MEDIUM This Month

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37499 MEDIUM This Month

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30958 MEDIUM This Month

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-20218 MEDIUM This Month

A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Spa500Ds Firmware Spa500S Firmware Spa501G Firmware +9
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20181 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Spa500Ds Firmware Spa500S Firmware Spa501G Firmware +9
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4118 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cute Http File Server
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30950 MEDIUM This Month

The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Authentication Bypass Foundry Campaigns
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-3766 MEDIUM PATCH This Month

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Odoh Rs
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-3348 MEDIUM PATCH This Month

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wrangler
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-3749 MEDIUM This Month

A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Videoedge
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-4133 MEDIUM This Month

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4132 MEDIUM This Month

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-20204 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Broadworks Application Delivery Platform Broadworks Application Server Broadworks Xtended Services Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39097 MEDIUM This Month

WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webboss Io Cms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-39096 MEDIUM This Month

WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webboss Io Cms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38958 MEDIUM This Month

An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bioaccess Ivs
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-20215 MEDIUM This Month

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25524 MEDIUM This Month

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Microsoft Omniverse Launcher
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-30952 MEDIUM This Month

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foundry
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3669 LOW Monitor

A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy